It was bound to happen - suspected hack

Dave Hull dphull at insipid.com
Thu Oct 21 10:52:16 CDT 2004


Quoting Matt Graham <linux at bizniche.com>:

> > My secure log (below) seems to indicate that someone is trying to hack
> > into one of my Linux servers.
>
>
> Where does one find a security log on their system, and how does one
> monitor it for possible problems?

On Red Hat systems, /var/log/secure. Red Hat also comes with a logrotate system
that rotates the logs weekly and keeps the old ones around for 4 weeks. And
there's a logwatch application that will send unusual or previously unseen
entries to the root account. I'm sure all of this is highly configurable, but
the default setup has been fine for my needs.

--
Dave Hull
http://insipid.com
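The following is an added example, not part of the original post or of logwatch: a small Python sketch of the kind of check one could run over /var/log/secure to spot repeated failed SSH logins from one source. The log lines, host names, user names and addresses are constructed samples in sshd's syslog format, and the function names and the threshold of 3 are assumptions chosen for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the syslog format sshd writes to /var/log/secure.
# Hosts, users and addresses are made up (documentation address ranges).
SAMPLE_LOG = """\
Oct 21 03:12:01 host1 sshd[2211]: Failed password for root from 192.0.2.45 port 40112 ssh2
Oct 21 03:12:04 host1 sshd[2213]: Failed password for root from 192.0.2.45 port 40120 ssh2
Oct 21 03:12:07 host1 sshd[2215]: Failed password for invalid user test from 192.0.2.45 port 40131 ssh2
Oct 21 03:12:09 host1 sshd[2217]: Failed password for illegal user guest from 192.0.2.45 port 40140 ssh2
Oct 21 08:30:15 host1 sshd[3120]: Accepted password for dave from 198.51.100.7 port 51000 ssh2
Oct 21 09:02:44 host1 sshd[3302]: Failed password for dave from 198.51.100.7 port 51022 ssh2
Oct 21 09:05:00 host1 su(pam_unix)[3310]: session opened for user root by dave(uid=500)
"""

# Matches failed password attempts; older OpenSSH logs "illegal user",
# newer versions log "invalid user" for accounts that do not exist.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize_failures(lines):
    """Return {ip: (failure_count, sorted list of usernames tried)}."""
    counts, users = Counter(), {}
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[m["ip"]] += 1
            users.setdefault(m["ip"], set()).add(m["user"])
    return {ip: (n, sorted(users[ip])) for ip, n in counts.items()}

def suspicious_sources(lines, threshold=3):
    """IPs with at least `threshold` failed logins, most active first."""
    summary = summarize_failures(lines)
    hits = [(ip, n, u) for ip, (n, u) in summary.items() if n >= threshold]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    # To check a real system, pass open("/var/log/secure") (readable by root)
    # instead of the constructed sample.
    for ip, n, tried in suspicious_sources(SAMPLE_LOG.splitlines()):
        print(f"{ip}: {n} failed logins, users tried: {', '.join(tried)}")
```

Because logrotate keeps older weeks in separate rotated files, a check like this only sees the current week unless the rotated files are passed in as well.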



More information about the Kclug mailing list